/// <summary>
/// Validates and saves the existing user
/// </summary>
public static void Update(User user)
{
if (user.IsNew)
{
throw new SystemException("This method cannot be used to save new users");
}
// Validate standard business object requirements
ErrorList errors = ValidateUser(user);
// Throw an error if the user fields are not all valid
if (errors.Count > 0)
{
throw new InvalidUserException(errors, user);
}
// NB: Do not inline as PasswordChanged is reset in SaveUser()
bool passwordChanged = user.ChangedProperties.ContainsKey(User.Columns.Password.ToString());
// Save the user
SaveUser(user);
// Update the password history if the password was changed
if (passwordChanged)
{
PasswordHistory.UpdateUserPasswordHistory(user);
}
}
public static void ChangePassword(User user, string existingPassword, string newPassword, string newPasswordConfirmation)
{
// First make sure that the existing password the user has entered is valid
if (!user.CheckPassword(existingPassword))
{
throw new ChangePasswordException("Old password is incorrect");
}
// Ensure that they entered a new password
if (StringUtils.IsBlank(newPassword))
{
throw new ChangePasswordException("New password cannot be blank");
}
// Ensure that the new password and confirm new password match
if (newPassword.Trim() != newPasswordConfirmation.Trim())
{
throw new ChangePasswordException("New password does not match confirmed password");
}
// Ensure that the user has not used the new password recently
if (PasswordHistory.IsRecentPassword(user, newPassword))
{
throw new ChangePasswordException("New password has been used recently and cannot be used again");
}
// Validate the new password, ensuring it meets all password criteria
ErrorList e = PasswordGenerator.ValidatePassword(newPassword);
if (e.Count > 0)
{
throw new ChangePasswordException(e[0].ToString());
}
// Everything has password. Set the new password and update the user's
// password expiry date. Then save the user back to the database.
user.SetPassword(newPassword);
user.PasswordExpiryDate = DateTime.Now.AddDays(PasswordExpiryDays);
User.Update(user);
// Update the user's password history (this is so that we can stop the same
// password from being used again in future).
PasswordHistory.UpdateUserPasswordHistory(user);
// Update the audit log
AuditLogManager.LogUserAction(user, AuditUserAction.ChangePassword, "Changed password");
}
private static ErrorList ValidateUser(User user)
{
ErrorList errors = new ErrorList();
if (StringUtils.IsBlank(user.FirstName))
{
errors.Add("First name is required");
}
if (StringUtils.IsBlank(user.LastName))
{
errors.Add("Last name is required");
}
if (StringUtils.IsBlank(user.Email))
{
errors.Add("Email address is required");
}
else if (!StringUtils.IsEmail(user.Email))
{
errors.Add("Invalid email address");
}
else
{
Company company = UserSecurityManager.GetCompanyByDomain(user.Email);
if (company.IsNull)
{
switch (RegistrationEmailFormat)
{
case RegistrationEmailFormatType.InternalUsers:
{
if (user.IsEmployee && company.IsNull)
{
errors.Add("Email address is not valid for external users");
}
break;
}
case RegistrationEmailFormatType.AllUsers:
{
if (company.IsNull)
{
errors.Add("Email address must belong to approved domain");
}
break;
}
}
}
else
{
User u = User.GetByEmail(user.Email);
if (!u.IsNull && !u.UserId.Equals(user.UserId))
{
errors.Add("Email address is already in use");
}
}
}
if (StringUtils.IsBlank(user.CompanyName))
{
errors.Add("Company name is required");
}
if (StringUtils.IsBlank(user.Password))
{
errors.Add("Password is required");
}
if (user.PasswordChanged)
{
if (user.UnencryptedPassword.Length == 0)
{
errors.Add("Password confirmation is required");
}
else if (user.UnencryptedPassword != user.UnencryptedConfirmPassword)
{
errors.Add("Password and confirm password do not match");
}
else
{
ErrorList e = PasswordGenerator.ValidatePassword(user.UnencryptedPassword);
if (e.Count > 0)
{
errors.AddRange(e);
}
else if (!user.IsNew && PasswordHistory.IsRecentPassword(user, user.Password))
{
errors.Add("Password has been used recently and cannot be used again");
}
}
}
if (user.Brands.Count == 0)
{
errors.Add("User must be assigned to at least one brand");
}
else
{
if (user.PrimaryBrandId <= 0)
{
errors.Add("One brand must be select as the main brand");
}
else if (user.Brands.FindIndex(b => b.BrandId == user.PrimaryBrandId) < 0)
{
errors.Add("The main brand must be selected");
}
}
if (StringUtils.IsBlank(user.CompanyName))
{
errors.Add("Company name is required");
}
if (user.UserRoleId == 0)
{
errors.Add("System Error : User role must be specified");
}
if (user.UserRole == UserRole.BrandAdministrator)
{
// Only one brand admin per business-unit
UserFinder finder = new UserFinder {
UserRole = UserRole.BrandAdministrator, PrimaryBrandId = user.PrimaryBrandId
};
User u = User.FindOne(finder);
// Found a user, and user id is different from this user, so don't allow change
if (!u.IsNull && !u.UserId.Equals(user.UserId))
{
string message = string.Format("The user {0} is already assigned to the Brand Administrator role for the selected brand(s)", u.FullName);
errors.Add(message);
}
}
return(errors);
}
